Tag Archives: Cybersecurity

For the past fifty-six years, the United States Naval Academy has hosted the Naval Academy Foreign Affairs Conference (NAFAC). NAFAC, planned and executed by the midshipmen themselves, brings togetheroutstanding undergraduate delegates as well as notable speakers, scholars, and subject matter experts from around the nation and the world to discuss a current and relevant international relations issue. The theme for this year’s conference, A New Era of Great Power Competition?, seeks to explore the shifting dynamics of the international system, challenges to a U.S. – led world order, the nature of potential future conflicts, the challenge of proto-peer competitors and rising as well as what steps the U.S. might take to remain the primary arbiter of the international system at large. As this topic is of great interest to CIMSEC’s readership, we are proud to partner with NAFAC in this, their 57th year, to bring you a series of real-time posts from the day’s events in Annapolis, MD. CIMSEC would like to recognize MIDN 1/C Charlotte Asdal, NAFAC Director, and her staff for allowing us to participate in this year’s events and for inviting our readership to virtually share in the week’s rich academic environment.

Vice Admiral James Foggo III addressed midshipmen and delegates Thursday morning, the last day of the NAFAC conference. The address, bolstered by personal anecdotes, videos, and photographs from the Navy Staff Director and former 6th Fleet Commander, largely addressed the question of great power competition from the perspective of the United States’ relationship with the Russian Federation. The admiral’s address familiarized the audience with recent history and current operations within the Mediterranean, Arctic, Baltic and beyond, informing the day’s discussion on the evolution of great power competition in the coming decades.

What Makes a Great Power?

To begin, VADM Foggo was careful to define the terms used in answering the question: Are we in a new era of great power competition? The admiral expressed confidence that the United States remains the greatest nation in the world, providing exposition on what makes the United States a great power. Great powers, he explained, go beyond the sum of their people, economic, or military strength to offer ideas, opportunity, and leadership, using their power to affect change for the world’s weakest and most vulnerable populations. Russia, he went on to conclude, is not by this definition a great power – their “sum” qualifies the Federation as a major power, but their actions, primarily enacted in self-interest, disqualify them from great power status. Understanding this distinction is crucial.

The 4th Battle for the Atlantic

VADM Foggo provided helpful historical context for the historical relationship between the Soviet Union/Russian Federation and the United States. The First Battle for the Atlantic, he explained, occurred during the course of World War One, while the Second, where the United States and her allies defeated axis powers relentless undersea tactics with “grit, resolution, the submarine detection system, and the lend-lease program to Britain.” The third battle, he explained, occurred during the course of the Cold War. An unclassified report based on the3rd Battle Innovation Project commissioned by the United States Submarine Force on the contribution of U.S. undersea assets to U.S. victory in the Cold War concluded with the following sentiment: “someday, we may face a 4th Battle of the Atlantic.” VADM Foggo asserted that we are, indeed, in the midst of this battle now. The admiral and his co-author Alarik Fritz of the Center for Naval Analysis, collected their thoughts in an article published by the United States Naval Institute, “The 4th Battle for the Atlantic.”

Rising Tensions

VADM Foggo characterized the aforementioned 4th Battle for the Atlantic though a series of examples and anecdotes. Beginning with Russia’s invasion of Georgia in 2008, the United States exercised its responsibility as a great power to seek to deescalate tensions and compromise where possible by pursuing the Reset policy with the Russian Federation. This policy, he explained, did not work as intended. In 2014, the U.S. was once again surprised by Russia’s aggressive and illegal actions in Ukraine. This unjustified action, he went on, is an example of why Russia is not a great power, but rather only a major power. This action partially inspired the “back to basics” policy for U.S. defense thinkers and policymakers called for by ADM Greenert.

Admiral Foggo recommended several books to the audience, including ONI’s Russian Navy report, which he emphasized was a “must read” for tomorrow’s defense and foreign policy leaders.

Continued Vigilance

VADM Foggo explored a few key areas where Russia is challenging U.S. and allied interests, providing tangible examples. In the Arctic, he explained, Russians currently operate seven former Cold War bases at company- and battalion- strength units with an endurance of a year or more. Russia has militarized the Arctic, which concerns the U.S. and our allies, particularly the Norwegians, regarding restricted access to international waters. To drive this point home, the admiral displayed a photograph of the Russian flag planted at the geographical North Pole, moved there by a Russian submersible.

Given the venue of the conference, VADM Foggo appropriately addressed his professional experience with aggressive actions by the Russian Federation at sea. Beginning with the Su-24 flyby of the USS Donald Cook (DDG-75) in the Black Sea, during which, he emphasized, the wingtip of the Russian aircraft was no more than 30 feet from the deck of the destroyer, the Russian Naval forces escalated tensions in response to U.S. presence in Russia’s adjacent international waters and beyond. The admiral explained the import of strategic communication to gain the moral high ground, which the U.S. achieved by declassifying and releasing an image of the Su-24 narrowly off the bridge wing of the Donald Cook, along with diplomatic protest and meaningful presence in the form of BALTOPS 2016.

“49 Ships Became 52”

BALTOPS is a NATO exercise to improve and display the interoperability of allied forces. The 2016 exercise communicated a clear strategic message; the exercise boasted three amphibious landing operations (versus the previous year’s two), extensive anti-submarine warfare (ASW) operations with three allied submarines and maritime patrol and reconnaissance (MPRA) aircraft, and more. In an effective anecdote that illustrated the Russian response to the exercise, the admiral shared that when reviewing photos from the PHOTOEX conducted during BALTOPS, 52 ships appeared in the photograph – 49 allied vessels, two Russian destroyers, and a Russian AGI. “49 ships, he recalled, became 52.” Tellingly, the Russian response to the success of the strategic messaging of the exercise included “a Stalin-like purge of Russian commanders in the Baltic Fleet,” due to their unwillingness to challenge western ships. Further reinforcing the point, VADM Foggo shared moreexamples of his interactions with Russian counterparts in multilateral and bilateral discussions.

Looking Forward – “The Surest Guarantee of Peace”

The tone of VADM Foggo’s remarks was one of stark realism, but also optimism as well. The admiral expressed confidence in the forces that were under his command, but reiterated to the audience of future diplomatic and military leaders the crucial nature of continued vigilance and continued action in support of the United States’ responsibilities as a great power. He included a timely example – the recent strikes on a Syrian airbase in response to the use of chemical weapons by the Assad regime. “Great powers react, but they react proportionally,” the VADM concluded, expressing belief in the possibility that such actions can bring compromise – a concept, he said, a great power should pursue and prioritize.

Technology and Cyber-Competition Panel

Note: The following information is paraphrased from the panelists’ remarks – their thoughts, remarks, and research are their own and are reproduced here for the information of our audience only.

Panelists Brigadier General Greg Touhill, USAF (ret.), the First Federal Chief of Information Security Officer, Mr. August Cole, Senior Fellow at the Atlantic Council and co-author of Ghost Fleet, andDr. Nicol Turner-Lee, Fellow at the Center for Technology and Innovation at the Brookings Institution, were given the opportunity to provide open-ended remarks before the question and answer portion of the panel.

A Strategic Framework for Cybersecurity

Cybersecurity is a provocative issue, and General Touhill used his opening remarks to dispel some common rumors about the cyber realm. This is not a technology issue, he went on, but a risk management issue; it is an instrinsic facet of [the United States’] national economy and security to be sensitive to the protection of our technology, information, and competitive advantage. Cybersecurity, he explained, is not all about the tech, but rather about the information. When considering cyber strategy, the General contended that a direct, simple strategy is best and most likely to be effectively executed. To this end, he outlined five lines of effort:

Harden the workforce: risk exposure is tremendous, as our culture, norms, and economy rely on automated information systems – this includes home, federal, and corporate entities

You can’t defend what you don’t know you have. Information is an asset, and should be treated as such.

Within five years, every business will be conducting asset inventory and valuation of its information as any other asset – some entities within the Federal Government, he explained, may not appreciate the value of their information and may not even realize they have it.

Do the right things, the right way, at the right time: Cyber hygiene is great, but has to be applied smartly – 85 percent of breaches, he explained, are due to improper patching of common vulnerabilities. The basics come first – stakeholders should update apps, OS, and apply other simple fixes. Care and due diligence is required.

Investment. The General introduced “Touhill’s Law,” which contends that one human years accounts for twenty five “computer” years – by this math, some machines in the federal government architecture are several thousand years old. Depreciation and recapitalization are key; from a strategic standpoint, neglecting this reality is a failure.

It’s all about the risk. In a contemporary sense, much of the risk is deferred to server management teams and IT, and decisions on that risk are not being made at the right levels.

The general indicated a desperate need for a cogent strategic cyber framework on which to operate and that these five lines of effort are a good foundation for such a framework.

Fiction’s Role in Challenging Assumptions

August Cole, a noted analyst and fiction author, began by recounting the impact that Tom Clancy’s 1986 thriller Red Storm Rising had on his life. As a fiction author, he went on the explain, his job is to think the unthinkable, devoting intellectual energy and professional attention to considering tomorrow’s conflict from a multitude of perspectives. Fiction, Cole explained, allows us to consider an adversaries perspective and confront our own biases to present a bigger truth.

Cole and his co-author Peter Signer’s novel Ghost Fleet addresses the rise of China – the book starts a conversation in an engaging way that captured the authors’ imagination. The writing process caused the authors to confront some uncomfortable truths. The American way of war, he said, is predicated on technical superiority that isn’t necessarily in line with our evolving reality. The reliance on tech creates a vulnerability, and through the lens of great power competition, we should be thinking about the difference between our assumptions about conflict and how conflict will actually be. One must challenge their assumptions, and resist the urge to fall in love with their own investments.

Information as a Commodity and Vulnerability

As a policy analyst and social scientist, Dr. Turner-Lee looks to understand behaviors that are overlaid with technology – she has focused on what we need to do to create equitable access to technology. Tech, she explained, is changing the nature of human behavior and increasing vulnerabilities. We must consider, she said, how we are contributing to the evolution of the tech ecosystem from the realm of consumption to an entity that effects the fabric of national security. What we understand as being “simple” actually isn’t, and what started as a privacy discussion has evolved into a security issue. When considering social media, Dr. Turner-Lee went on, it is interesting to see how 140 characters can become the catalyst for campaigns that threaten national security.

Dr. Turner-Lee mentioned the concept of pushback from technology companies against government requests for information and policies that need to be engaged to address this. There is a role, she explained, for the military to identifies vulnerabilities, while companies are appointing chief privacy officers and innovation officers, while lastly, the research community needs people to understand how information has become a commodity. As researchers, she explained, she and her colleagues are trying to find vulnerability and understand the impact on our national economy by looking at the nature of human behavior prescribing the right policies to ensure threats are minimized.

Given the current security landscape for cyber, what do you see as the greatest cyber threats facing the U.S.?

Brig. Get Touhill explained that at the Department of Homeland Security, they binned threats into 6 groups:

Vandals – frequent and common

Burglars – financially motivated and prevalent

Muggers – this includes hacks like SONY as well as cyber-bullies

Spies – can be either insiders or traditional political-military threat looking to gain a competitive edge by stealing intellectual property.

Sabatuers – pernicious, difficult to find, and could be, for example, an individual who is fired but retains access to a system.

Negligent Users – This group constitutes the greatest threat. This group includes the careless, negligent, and indifferent in our own ranks.

China has been evidently and aggressively pursuing AI, hypersonic, quantum computing, and other next-generation technology – what does this mean for our assumption about the American way of war over the next several decades?

August Cole explained that the U.S. must directly confront the assumption that we will always have the edge of technical superiority – this may very well remain true, he said, but we cannot count on it. From a PRC military point of view, they look to not only acquire capabilities but further their knowledge on how best to employ them. We must, he went on, work to connect information and technology that we would not instinctively put in the same basket by considering, for instance, the battlefield implications of a hack on a healthcare provider who serviced military personnel. Technology, he explained, will alter the relationship between power and people, and understanding this connection is complex and difficult. Fiction allows us to synthesize these realms in a way that may be difficult otherwise – and appreciate the operational implications.

How has social media impacted our ability to monitor and address national security threats?

Dr. Turner-Lee began by exploring the implication of emerging social media tools that do not curate data (think Snapchat), explaining that as encryption technology has become more sophisticated, it has further complicated the national security problem. Nicole referred to “permission-less innovation,” meaning that the tech community continues to innovate in ways that cannot be controlled and this innovation is sometimes disruptive. Social media, she went on, is not always designed with privacy in mind, and enacting privacy policies has been reactionary for many companies.

Turner-Lee addressed the general hesitation of users to hand over or allow the collection of their information – personal data, she said, is seen as just that – personal – and companies promote this quality in their tech. For instance, she alluded to the current lawsuit between Twitter and the federal government over the identities of disruptive Twitter accounts. The disconnect between privacy and security, she concluded, can sometimes constitute a weakness.

The moderator pointed out that while tech has developed, policy has lagged. Mr. Cole added that the “internet of things” provides a corollary to this. Further development of wearable or say-to-day tech that generates and collects data automatically has national security implications. He provided an example in the domain of land warfare, suggesting that operators could notionally create a digital map based on device feedback. The data and processing power to make these analytics will exist, he affirmed, but we haven’t considered it.

Dr. Turner-Lee further elaborated that machine-to-machine interactions, which are based on algorithms that predict what you will or will not do, sustain a threat to national security when those algorithms are incorrect or tampered with. For instance, autonomous vehicles could be hacked and directed in a way that makes them a vehicular bomb. Overcoming machine-to-machine bias is very difficult and constitutes a security risk proportional to our dependence on machine-to-machine tech. This is a space, she said, with many vulnerabilities, driving itself in ways we are unaware of.

Conclusion

The final day of NAFAC 2017 proved a fitting end to three days of intense discussion and consideration on the topic of a new era of great power competition. VADM Foggo’s address brought a much needed operational perspective to the delegates and attendees, relaying the seriousness and immediate applicability of the question at hand, particularly for those midshipmen who will be serving aboard operational vessels in just a few short months. Further, the Technology and Cyber-Competition panel provided much needed context for the changing nature of tomorrow’s conflicts, challenging many long-held assumptions about the way of war.

Our representatives were impressed with the diligence, research, and creative thought participants brought to the round table panels. Readers can look for select publications from the Round Tables next week, when CIMSEC will share outstanding research essays from delegates. CIMSEC is extremely grateful to the United States Naval Academy, MIDN Charlotte Asdal and her NAFAC staff, and senior advisors and moderators for allowing us to participate in this year’s conference and share the great value of this discussion with our readership.

Until next year!

Sally DeBoer is the President of CIMSEC for 2016-2017. She can be reached at president@cimsec.org.

The relationship between the sea and information is ancient. In 480 BC, the Greeks learned of a secret naval invasion planned by the Persians. According to Simon Singh in The Code Book, the message was delivered steganographically on a covered tablet giving sufficient time to prepare for a defense that ultimately led to victory.1 Through information theory, the quantitative theory of coding and transmission of signals and information, we discover that information is a physical property of our reality and a resource to be guarded. In the words of Charles Seife, “Information is every bit as palpable as the weight of bullet, every bit as tangible as the heft of an artillery shell—and every bit as vulnerable as a freighter full of ammunition.”2

Today’s maritime security hinges on information. As Admiral (ret.) James Stavridis argues, nowhere is the gap between threat (high) and defensive capability (low) as large as on the cyber front. Derived from ‘cybernetics,’ “cyber” loosely refers to information loops and everything that is connected to a computer network. The shipping industry (which feeds, fuels, and clothes our country) is growing increasingly connected to the internet and therefore more vulnerable to cyber attacks. New cyber technologies are also being used in the maritime field to solve climate and natural resource puzzles — both keys to long term human survival. Through cyber education and training, citizens and leaders can gain an edge in the digital world and invest themselves in solving some of the most pressing maritime security problems.

Oceanic Applications

Our relationship to the ocean has been transformed by cyber. As John C. Perry outlines in “Beyond the Terracentric,” the ocean can be seen as an avenue, arena, and source.3 Before the standard shipping container system was invented, ships were unloaded with back-breaking efforts of manual laborers. Today, cranes take care of the work, moving containers from the ship to the shore (and vice versa). Sometimes loading and unloading is done with humans operating joysticks, while in other places computer programs sift through the manifests and unload using algorithms. Automatic ports may be targeted by external actors looking to manipulate freight shipments for their benefit.

In 2016, The Economistand The Journal of Commerce chronicled the sagas of the Port of Long Beach, California and the Port of Rotterdam, Netherlands and their transitions towards automation. When viewing an operation with computerized manifests, automatic cranes, and even driver-less trucks moving containers, it is imperative to remember that what is connected can be compromised at every level. Such an interconnected world increases the opportunities for external targeting while raising the stakes for maritime security for the United States. Estimates show that ninety percent of the world’s goods are imported by sea.4 As a single example, each year more than $180 billion of goods (or 6.8 million containers) pass through the Port of Long Beach.5 A brief interruption in shipping made by a foreign government, company, or private individuals would likely ripple through a nation with economic effects reverberating up and down the supply chain.

On the bright side, new computer technologies may allow us to more easily monitor changes in ocean health conditions. With improved information, states and actors can ensure better protection for the ocean and fish that are crucial to industry and food supplies, especially in disputed areas. States can track each other and keep accountability through satellites and technologies like AIS (automatic identification system).New cyber capabilities like The Internet of Things (IoT) may allow us to revolutionize ocean data analysis and create new levels of environmental responsibility. Social entrepreneurship ventures like Blue Water Metrics now aim to crowdsource data collection via the world’s oceangoing shipping fleets and upload all the ocean data to a cloud database. Educating state leaders offers the best chance of maximizing the positive externalities of technological change, both in protecting natural resources and shipping assets.

Preparing Cyber Leaders

Increasing information literacy will improve competitiveness in nearly every field. Studying information theory, encryption, and coding with the same vigor as foreign languages may transform an individual’s field and personal career trajectory. In the book Dark Territory, Fred Kaplan describes how Cyber Command personnel grew from 900 to 4,000 between 2009 to 2012, and is expected to climb to 14,000 by the end of 2020.6 Established academic institutions could recognize certificate programs from organizations like Codecademy via transcript notations, which may improve educational and employment prospects.

Cyber education can be seen both as a patriotic duty and as an economic opportunity. As far back as 1991 the National Research Council observed that “the modern thief can steal more with a computer than with a gun.”7By educating tomorrow’s cyber leaders, institutions, and community, organizations can empower people to defend themselves intelligently against thieves and reinvent themselves by beginning careers in the digital world.

The Polaris of Programming

Not all innovation needs to be forward looking. In the evolutionary dance between encryption and decryption, centuries passed before certain “unbreakable” codes were broken. The Fletcher School at Tufts University combines international studies and the analysis of world events with cyber studies in its course Foundations of International Cyber Security. Scholar practitioners, such as Michele Malvesti, offer unique perspectives on the past and the pipeline of the future, including the importance of supply stream, deterrence, and attribution. Graduate-level cyber curricula can unlock strategic chess moves for governmental, citizen-led, and private organizations alike. Incorporating history in computer science education, like Harvard’s course Great Ideas in Computer Science, can provide fertile intellectual context where principles can be appraised and applied in modern contexts. Scientists throughout history, like Abu Yusuf Yaqub, Blaise de Vigenere, and Charles Babbage make great role models along with programmers like Ada Lovelace and RDML (ret.) Grace Hopper.

Conclusion

When programming is seen as an essential language, computer history as a strategic advantage, and information as an environmental and security opportunity, our digital tribe will be better able to overcome uncertainty and adversaries.

An entrepreneur and former boat captain, Jack Whitacre studied international security and maritime affairs at The Fletcher School of Law and Diplomacy. Contact him at James.C.Whitacre@gmail.com.

Grant Greenwell and Chris Barber join us for the 7th edition of Sea Control. We careen around the road, covering with particular attention intelligence collection, the DDG-1000, and force planning for Amphibious Operations. Join us for Episode 7, the Defense Knitting Circle (Download).

Sea Control comes out every Monday. Don’t forget to subscribe on Xbox Music or Itunes!